Create: 2013/08/02
LastUpdate: 2013/08/04
Here we use knife-xenserver to create a XenServer virtual machine.
knife-xenserver is a knife plugin that provisions virtual machines using XenServer and Chef.
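The test environment for trying out knife-xenserver uses the client/server Chef 11 setup built in "[CentOS6] Infrastructure configuration management with Chef11 + Chefspec" and the virtual machine template created in "[XenServer 6.1.0] Setting the IP address at VM creation".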
[Test environment]
- Chef management server
  192.168.1.67 (centos6g) ... Chef server + workstation
- Chef managed target
  192.168.1.68 (centos6h) ... node
- XenServer host
  192.168.1.222
1. Installing knife-xenserver on the workstation
Log in to the Chef management server as the root user and install the plugin with gem as follows.

# /opt/chef/embedded/bin/gem install knife-xenserver --no-ri --no-rdoc
Fetching: terminal-table-1.4.5.gem (100%)
Fetching: excon-0.25.3.gem (100%)
Fetching: formatador-0.2.4.gem (100%)
Fetching: net-scp-1.1.2.gem (100%)
Fetching: ruby-hmac-0.4.0.gem (100%)
Fetching: fog-1.14.0.gem (100%)
Fetching: colored-1.2.gem (100%)
Fetching: uuidtools-2.1.4.gem (100%)
Fetching: knife-xenserver-1.3.2.gem (100%)
Fetching: mini_portile-0.5.1.gem (100%)
Successfully installed terminal-table-1.4.5
Successfully installed excon-0.25.3
Successfully installed formatador-0.2.4
Successfully installed net-scp-1.1.2
Successfully installed ruby-hmac-0.4.0
Successfully installed fog-1.14.0
Successfully installed colored-1.2
Successfully installed uuidtools-2.1.4
Successfully installed knife-xenserver-1.3.2
Successfully installed mini_portile-0.5.1
10 gems installed

Let's check that it was installed properly.
Switch to the chef user and run the knife command on the workstation as follows.

# su - chef
$ knife xenserver --help
FATAL: Cannot find sub command for: 'xenserver --help'
Available xenserver subcommands: (for details, knife SUB-COMMAND --help)

** XENSERVER COMMANDS **
knife xenserver vm list (options)
knife xenserver sr create (options)
knife xenserver vm poweron VM_NAME [VM_NAME] (options)
knife xenserver network list
knife xenserver vm delete VM_NAME [VM_NAME] (options)
knife xenserver sr list (options)
knife xenserver template create
knife xenserver vm create (options)
knife xenserver vm poweroff VM_NAME [VM_NAME] (options)
knife xenserver host list (options)
knife xenserver template list

If the usage is displayed as above, the installation is OK.
Next, configure knife so that it can connect to XenServer.
Add the connection information for the XenServer host to ~/.chef/knife.rb as follows (the last three lines; shown in red in the original).

log_level                :info
log_location             STDOUT
node_name                'chef'
client_key               '/home/chef/.chef/chef.pem'
validation_client_name   'chef-validator'
validation_key           '/home/chef/.chef/validation.pem'
chef_server_url          'https://192.168.1.67'
syntax_check_cache_path  '/home/chef/.chef/syntax_check_cache'
cookbook_path [ '/home/chef/chef-repo/cookbooks' ]
# Connection settings for the XenServer host
knife[:xenserver_password] = 'password'
knife[:xenserver_username] = 'root'
knife[:xenserver_host] = '192.168.1.222'

Now test whether the knife command can connect to XenServer.
Run the knife command as follows to display the list of hosts.

$ knife xenserver host list
Connecting to XenServer host 192.168.1.222...
+-------+--------------------------------------+
| NAME  | UUID                                 |
+-------+--------------------------------------+
| xs200 | 82a896d8-7a0d-4c52-b450-1e33f43q7c33 |
+-------+--------------------------------------+

If the XenServer host is displayed, the connection is OK.
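The knife.rb above stores the XenServer root password as a literal. As an added example (not from the original article or from the knife-xenserver project), the helper below is written for knife.rb, which is plain Ruby, and loads the password from an environment variable or from a file readable only by its owner; the variable name XENSERVER_PASSWORD and the path ~/.chef/xenserver_password are assumptions.

```ruby
# Added example: load the XenServer password for knife.rb without a literal.
# XENSERVER_PASSWORD and ~/.chef/xenserver_password are assumed names.

# Read a one-line secret from path, refusing files other users could read.
def read_secret(path)
  stat = File.lstat(path) # lstat: a symlink is rejected rather than followed
  raise "#{path}: not a regular file" unless stat.file?
  raise "#{path}: not owned by the current user" unless stat.uid == Process.euid
  perms = stat.mode & 0o7777
  unless (perms & 0o077).zero?
    raise format('%s: mode %04o allows group/other access, expected 0600', path, perms)
  end
  secret = File.read(path).chomp
  raise "#{path}: file is empty" if secret.empty?
  secret
end

# Prefer the environment variable (e.g. set by a CI job), else the protected file.
def xenserver_password(env = ENV, path = File.expand_path('~/.chef/xenserver_password'))
  from_env = env['XENSERVER_PASSWORD']
  return from_env unless from_env.nil? || from_env.empty?
  read_secret(path)
end

# In ~/.chef/knife.rb the literal assignment then becomes:
#   knife[:xenserver_password] = xenserver_password
```

With this in place knife.rb itself no longer contains the credential, so the file can be kept in a repository or shared between workstations.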
2. Creating the virtual machine
Create a new virtual machine from a XenServer template and apply the apache recipe to it.
- The template used here is the one created in "[XenServer 6.1.0] Setting the IP address at VM creation".
- The apache recipe used here is the one created in "[CentOS6] Infrastructure configuration management with Chef11 + Chefspec".

# knife xenserver vm create --help
knife xenserver vm create (options)
        --batch script.yml           Use a batch file to deploy multiple VMs
        --bootstrap-version VERSION  The version of Chef to install
        --node-name NAME             The Chef node name for your new node
    -s, --server-url URL             Chef Server URL
    -k, --key KEY                    API Client Key
        --[no-]color                 Use colored output, defaults to enabled
    -c, --config CONFIG              The configuration file to use
        --defaults                   Accept default values for all questions
        --disable-editing            Do not open EDITOR, just accept the data as is
    -d, --distro DISTRO              Bootstrap a distro using a template; default is 'ubuntu10.04-gems'
    -e, --editor EDITOR              Set the editor to use for interactive commands
    -E, --environment ENVIRONMENT    Set the Chef environment
        --extra-vdis "SR name":size1[,"SR NAME":size2,..]
                                     Create and attach additional VDIs (size in MB)
    -F, --format FORMAT              Which format to use for output
        --[no-]host-key-verify       Disable host key verification
    -i IDENTITY_FILE,                The SSH identity file used for authentication
        --identity-file
        --keep-template-networks     Do no remove template inherited networks (VIFs)
    -M, --mac-addresses mac[,mac..]  Mac address list
    -u, --user USER                  API Client Username
        --print-after                Show the data after a destructive operation
    -r, --run-list RUN_LIST          Comma separated list of roles/recipes to apply
        --skip-bootstrap             Skip bootstrap process (Deploy only mode)
    -P, --ssh-password PASSWORD      The ssh password
    -x, --ssh-user USERNAME          The ssh username; default is 'root'
        --template-file TEMPLATE     Full path to location of template to use
    -V, --verbose                    More verbose output. Use twice for max verbosity
    -v, --version                    Show chef version
        --vm-cpus AMOUNT             The VCPUs of the Virtual Machine
        --vm-dns NAMESERVER          DNS servers to set in xenstore
        --vm-domain DOMAIN           DOMAIN of host to set in xenstore
        --vm-gateway GATEWAY         Gateway address to set in xenstore
        --vm-ip IP                   IP address to set in xenstore
        --vm-memory AMOUNT           The memory limits of the Virtual Machine
        --vm-name NAME               The Virtual Machine name
        --vm-netmask NETMASK         Netmask to set in xenstore
    -N network[,network..],          Network where nic is attached to
        --vm-networks
        --vm-tags tag1[,tag2..]      Comma separated list of tags
        --vm-template NAME           The Virtual Machine Template to use
        --xenserver-host ADDRESS     Your XenServer host address
        --xenserver-password PASSWORD Your XenServer password
        --xenserver-username USERNAME Your XenServer username (default 'root')
    -y, --yes                        Say yes to all prompts for confirmation
    -h, --help                       Show this message

Now let's create the virtual machine.
Run the following command on the workstation.

$ knife xenserver vm create --vm-template 84test -x root -P password \
    --vm-name 84test_new --vm-ip 192.168.1.88 --vm-netmask 255.255.255.0 \
    --vm-gateway 192.168.1.1 --vm-dns 192.168.1.110 --vm-domain example.com \
    --keep-template-networks -r "recipe[apache]" -s 'https://192.168.1.67' -d chef-full

It failed with the following error.

192.168.1.88 ########################################### [100%]
192.168.1.88 Thank you for installing Chef!
192.168.1.88 Starting Chef Client, version 11.4.4
192.168.1.88 Creating a new client identity for 84test_new using the validator key.
192.168.1.88 resolving cookbooks for run list: ["apache"]
192.168.1.88 Synchronizing Cookbooks:
192.168.1.88
192.168.1.88 ================================================================================
192.168.1.88 Error Syncing Cookbooks:
192.168.1.88 ================================================================================
192.168.1.88
192.168.1.88
192.168.1.88 Networking Error:
192.168.1.88 -----------------
192.168.1.88 Error connecting to https://centos6g/bookshelf/organization-00000000000000000000000000000000/checksum-63031b1f846e733e4e86edbe1e4f3b15?AWSAccessKeyId=2712ba85d3a48f1f41ef4eeac314d96fd8b7fc41&Expires=1375431720&Signature=vsjDcJjA8U5LplOU4qznYpB3/hM%3D - getaddrinfo: Name or service not known
192.168.1.88
192.168.1.88 Your chef_server_url may be misconfigured, or the network could be down.
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 Relevant Config Settings:
192.168.1.88 -------------------------
192.168.1.88 chef_server_url "https://192.168.1.67"
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 [2013-08-02T17:05:40+09:00] ERROR: Running exception handlers
192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: Saving node information to /var/chef/cache/failed-run-data.json
192.168.1.88 [2013-08-02T17:05:40+09:00] ERROR: Exception handlers complete
192.168.1.88 Chef Client failed. 0 resources updated
192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
192.168.1.88 [2013-08-02T17:05:40+09:00] FATAL: SocketError: Error connecting to https://centos6g/bookshelf/organization-00000000000000000000000000000000/checksum-63031b1f846e733e4e86edbe1e4f3b15?AWSAccessKeyId=2712ba85d3a48f1f41ef4eeac314d96fd8b7fc41&Expires=1375431720&Signature=vsjDcJjA8U5LplOU4qznYpB3/hM%3D - getaddrinfo: Name or service not known
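
The node is trying to reach the Chef server by host name (centos6g), so "centos6g" has to be added to the template's /etc/hosts. I modified the part of the template's /usr/sbin/xe-set-hostname that generates /etc/hosts (the 192.168.1.67 centos6g line; shown in red in the original).
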
# change hosts
cp /etc/hosts /etc/hosts.ORG
cat << EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.67 centos6g
$IP $NAME.$DOMAIN $NAME
EOF

After rebuilding the template and running the knife command again, I got the following error.

192.168.1.88 Thank you for installing Chef!
192.168.1.88 Starting Chef Client, version 11.4.4
192.168.1.88 Creating a new client identity for 84test_new using the validator key.
192.168.1.88
192.168.1.88 ================================================================================
192.168.1.88 Chef encountered an error attempting to create the client "84test_new"
192.168.1.88 ================================================================================
192.168.1.88
192.168.1.88
192.168.1.88 Authorization Error:
192.168.1.88 --------------------
192.168.1.88 Your validation client is not authorized to create the client for this node (HTTP 403).
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 Possible Causes:
192.168.1.88 ----------------
192.168.1.88 * There may already be a client named "84test_new"
192.168.1.88 * Your validation client (chef-validator) may have misconfigured authorization permissions.
192.168.1.88
192.168.1.88
192.168.1.88
192.168.1.88 [2013-08-02T15:50:28+09:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
192.168.1.88 [2013-08-02T15:50:28+09:00] FATAL: Net::HTTPServerException: 403 "Forbidden"

It appears that the first knife run had already succeeded in registering the client (84test_new) and the node (84test_new) on the Chef server. The second knife run failed because they were already registered.
Use the knife command (or the WebUI) to delete the client (84test_new) and the node (84test_new).

$ knife client delete 84test_new
$ knife node delete 84test_new

Running the knife command once more, it succeeded this time.
The output was as follows.

Connecting to XenServer host 192.168.1.222...
Creating VM 84test_new...
Using template 84test [uuid: 15c44025-aacc-c4df-7309-d56255951f10]...
Adding attributes to xenstore...
VM Name: 84test_new
VM Memory: 512 MB
Waiting server...
Trying to SSH to 192.168.1.88... ...... done
Bootstrapping Chef on 192.168.1.88
192.168.1.88 % Total % Received % Xferd Average Speed Time Time Time Current
192.168.1.88 Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
178 178 178 178 0 0 412 0 --:--:-- --:--:-- --:-- 178 178 178 178 0 0 411 0 --:--:-- --:--:-- --:--:-- 931
100 6509 100 6509 0 0 4307 0 100 6509 100 6509 0 0 4306 0 0:00:01 0:00:01 --:--:-- 0
192.168.1.88 Downloading Chef 11.4.4 for el...
192.168.1.88 % Total % Received % Xferd Average Speed Time Time Time Cur
192.168.1.88 rent
192.168.1.88 Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0
192.168.1.88 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
~ omitted ~
192.168.1.88 Installing Chef 11.4.4
192.168.1.88 警告: /tmp/tmp.Ee63SWLe/chef-11.4.4.i686.rpm: ヘッダ V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
192.168.1.88 準備中...
192.168.1.88 ######################################## (100%)
192.168.1.88
192.168.1########################################### [100%]
192.168.1.88 1:chef
192.168.1.88 ( 1%)
192.168.1.88 # ( 3%)
~ omitted ~
192.168.1.88 ########################################### [100%]
192.168.1.88 Thank you for installing Chef!
192.168.1.88 Starting Chef Client, version 11.4.4
192.168.1.88 Creating a new client identity for 84test_new using the validator key.
192.168.1.88 resolving cookbooks for run list: ["apache"]
192.168.1.88 Synchronizing Cookbooks:
192.168.1.88 - apache
192.168.1.88 Compiling Cookbooks...
192.168.1.88 Converging 3 resources
192.168.1.88 Recipe: apache::default
192.168.1.88 * package[httpd] action install
192.168.1.88
192.168.1.88 - install version 2.2.15-28.el6.centos of package httpd
192.168.1.88
192.168.1.88 * template[/etc/httpd/conf/httpd.conf] action create
192.168.1.88
192.168.1.88 - update template[/etc/httpd/conf/httpd.conf] from beb8a6 to 75b1e1
192.168.1.88 --- /etc/httpd/conf/httpd.conf 2013-04-29 17:09:52.000000000 +0900
192.168.1.88 +++ /tmp/chef-rendered-template20130802-1400-1xo8zmx 2013-08-02 17:36:57.685862786 +0900
192.168.1.88 @@ -41,7 +41,7 @@
192.168.1.88 # Don't give away too much information about all the subcomponents
192.168.1.88 # we are running. Comment out this line if you don't mind remote sites
192.168.1.88 # finding out what major optional modules you are running
192.168.1.88 -ServerTokens OS
192.168.1.88 +ServerTokens Prod
192.168.1.88
192.168.1.88 #
192.168.1.88 # ServerRoot: The top of the directory tree under which the server's
192.168.1.88 @@ -259,7 +259,7 @@
192.168.1.88 # e-mailed. This address appears on some server-generated pages, such
192.168.1.88
192.168.1.88 # as error documents. e.g. admin@your-domain.com
192.168.1.88 #
192.168.1.88 -ServerAdmin root@localhost
192.168.1.88 +ServerAdmin admin@example.com
192.168.1.88
192.168.1.88 #
192.168.1.88 # ServerName gives the name and port that the server uses to identify itself.
192.168.1.88 @@ -273,7 +273,7 @@
192.168.1.88 # You will have to access it by its address anyway, and this will make
192.168.1.88 # redirections work in a sensible way.
192.168.1.88 #
192.168.1.88 -#ServerName www.example.com:80
192.168.1.88 +ServerName 127.0.0.1:80
192.168.1.88
192.168.1.88 #
192.168.1.88 # UseCanonicalName: Determines how Apache constructs self-referencing
192.168.1.88
192.168.1.88
192.168.1.88 * service[httpd] action enable
192.168.1.88
192.168.1.88 - enable service service[httpd]
192.168.1.88
192.168.1.88
192.168.1.88 * service[httpd] action start
192.168.1.88
192.168.1.88 - start service service[httpd]
192.168.1.88
192.168.1.88
192.168.1.88 * service[httpd] action restart
192.168.1.88
192.168.1.88 - restart service service[httpd]
192.168.1.88
192.168.1.88 Chef Client finished, 5 resources updated
Name: 84test_new
IP Address: 192.168.1.88
Environment: _default
Run List: recipe[apache]
Done!

Let's check whether the virtual machine has been registered on the Chef server.

$ knife node list
84test_new
centos6h
$ knife client list
84test_new
centos6h
chef-validator
chef-webui

It appears that a single knife command ran the following sequence of steps.
- Create the virtual machine from the template
- Log in to the virtual machine via ssh
- Download Chef from the Opscode website
- Install the Chef client
- Register with the Chef server
- Run the recipe (apache)